Rajesh

Members
  • Posts

    4

Everything posted by Rajesh

  1. Hi, Sorry if this is answered earlier.. i can't find anything by "search". I hear that more than one real-time protection shouldn't be on at one time.. I already have KAV7 and Comodo Personal Firewall 2.4. If i purchase MBAM and enable the real time protection will it go OK or will i have any clashes? I don't want to purchase MBAM and then just use the on-demand scanning which is available in the freeware version.. Thanks & Regards Rajesh
  2. Removing SAV (Painfully slow.. with Symantec's manual uninstall instructions) and re-installing just cleaned up things. Everything seems to work as it should. Thank You Very much.
  3. Thanks for the reply. Gives hope to see a response. The reason that I think that it is some malware activity is... I compared the Program files\Symantec Antivirus folder with a backup. I see two .dat files changed, and one .dat file removed. I restored these files from the backup, and then again if i try to enable auto-protect, the file gets changed & deleted. Yes. Please find attached the Combofix Log. Even now the Symantec Auto-protect can't be enabled.. Haven't tried surfing on Firefox yet.
  4. Hi All, Somewhere during yesterday night i contracted the Vundo. (i had left my system on.. Donno if i can contract Vundo just by that.. or perhaps some site i visited yesterday). Today i got MBAM and cleaned up the infection. But as i didn't remove the infected dll files and registry entry after rebooting several times, I booted into a bartPE recovery disk and deleted the infected files, and also the register entry (By offline-loading the registry hive from within bartpe). After that, Vundo seems to be gone. I checked with MBAM and it says that my system is clean. For good measure I also checked with Symantec Antivirus, and with the online scanner from panda, and all of them say that my system is clean. But I have one issue now.. No, two.. - Symantec Auto-Protect is Disabled. If i enable it, it gets disabled again within a second. - In Firefox, if i click on a link or do a "Open in new tab", it opens some junk "Not Found" page, but if i copy-paste the link, then it works OK. Please tell me if i still have a malware, or this is some after-effect.. Please find attached my latest HijackThis and MBAM logs..
Thank You Very Much Rajesh
- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Usage History Scanning Service (DGScan) - Verdasys, Inc. - C:\Program Files\DGAgent\DgScan.exe O23 - Service: Usage History Monitor (DGService) - Verdasys, Inc. - C:\Program Files\DGAgent\DgService.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Rational Lock Manager (LockMgr) - IBM Corporation - C:\Program Files\Rational\ClearCase\bin\lockmgr.exe O23 - Service: Rational ClearQuest Mail Service (MailService) - IBM Corporation - C:\Program Files\Rational\ClearQuest\mailservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. 
- C:\Program Files\VMware\VMware Player\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: Wind River Probe (WindRiverProbe) - Wind River Systems - C:\WINDOWS\system32\WRProbeSvc.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 8108 bytes Malwarebytes' Anti-Malware 1.38 Database version: 2323 Windows 5.1.2600 Service Pack 2 6/22/2009 10:26:42 PM mbam-log-2009-06-22 (22-26-42).txt Scan type: Quick Scan Objects scanned: 115160 Time elapsed: 4 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)